APTTrail: oldgremlin indicators and references

Date: 18 Jun 2026
Actor: oldgremlin
Type: IOC
Country: Russia
Sector: -
Confidence: high (100)
Analytic priority: High

Based on actor, country, IOCs, TTPs, leak, and context quality.

30 IOCs
0 TTPs
Actor: oldgremlin
Country: Russia

Executive Summary
APTTrail maintains public indicators associated with oldgremlin. Observed aliases: oldgremlin, tinyfluff. Count by type: domain: 26, ipv4: 2, url: 11.

Key Points

  • https://app.any.run/tasks/f21e3a4f-b734-4285-96b4-d2f274e19413/
  • https://blog.group-ib.com/oldgremlin_comeback
  • https://otx.alienvault.com/pulse/5f6ccbe362057a239425fc18
  • https://rt-solar.ru/events/news/1915/ (Russian)
  • https://twitter.com/ShadowChasing1/status/1293834710703996928

Indicators of Compromise (IOCs)

Diamond Model

Adversary: oldgremlin
Victim: APTTrail: oldgremlin indicators and references; Russia
Capability: Ioc
Infrastructure:
  • a3c65c.org
  • broken-poetry-de86.nscimupf.workers.dev
  • calm-night-6067.bhrcaoqf.workers.dev
  • ccdn.microsoftdocs.workers.dev
